Week in review: VMware ESXi zero-day exploited, SMS Stealer malware targeting Android users


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Why a strong patch management strategy is essential for reducing business risk
In this Help Net Security interview, Eran Livne, Senior Director of Product Management, Endpoint Remediation at Qualys and Thomas Scheffler, Security Operations Manager of Cintas Corporation, discuss their experiences with automated patch management.

Securing remote access to mission-critical OT assets
In this Help Net Security interview, Grant Geyer, Chief Strategy Officer at Claroty, discusses the prevalent vulnerabilities in Windows-based engineering workstations (EWS) and human-machine interfaces (HMI) within OT environments. Geyer also addresses the challenges and solutions for securing remote access to critical OT assets.

Leveraging dynamic configuration for seamless and compliant software changes
In this Help Net Security interview, Konrad Niemiec, CEO and Founder of Lekko, discusses the benefits of dynamic configuration in preventing system outages and enabling faster response times during incidents.

Why CISOs face greater personal liability
In this Help Net Security interview, Christos Tulumba, CISO at Veritas Technologies, discusses the key factors contributing to increased personal liability risks for CISOs. These risks are driven by heightened cybersecurity threats, evolving regulations, and increased public awareness of security breaches.

Cirrus: Open-source Google Cloud forensic collection
Cirrus is an open-source Python-based tool designed to streamline Google Cloud forensic evidence collection. It can streamline environment access and evidence collection in investigations involving Google Workspace and GCP. The tool simplifies incident response activities and enhances an organization’s security posture.

Secretive: Open-source app for storing and managing SSH keys in the Secure Enclave
Secretive is an open-source, user-friendly app designed to store and manage SSH keys within the Secure Enclave.

Microsoft 365 users targeted by phishers abusing Microsoft Forms
There has been an uptick in phishing campaigns leveraging Microsoft Forms this month, aiming to trick targets into sharing their Microsoft 365 login credentials.

Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249)
CVE-2023-45249, a critical vulnerability affecting older versions of Acronis Cyber Infrastructure, is being exploited by attackers. CVE-2023-45249 is an authentication bypass vulnerability stemming from the use of a default password.

Some good may come out of the CrowdStrike outage
Estimated financial losses due to the recent massive IT outage triggered by the faulty CrowdStrike update are counted in billions, but the unfortunate incident is having several positive effects, as well.

Coding practices: The role of secure programming languages
Safety and quality are not features that can be added through testing — they must be integral to the design. Opting for a safer or more secure language or language subset during implementation can eliminate entire categories of vulnerabilities.

VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085)
Ransomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi hypervisors, to gain full administrative access to them and encrypt their file system.

Microsoft: DDoS defense error amplified attack on Azure, leading to outage
A DDoS attack that started on Tuesday has made a number of Microsoft Azure and Microsoft 365 services temporarily inaccessible, the company has confirmed.

SMS Stealer malware targeting Android users: Over 105,000 samples identified
Zimperium’s zLabs team has uncovered a new and widespread threat dubbed SMS Stealer. Detected during routine malware analysis, this malicious software has been found in over 105,000 samples, affecting more than 600 global brands. SMS Stealer’s extensive reach poses significant risks, including account takeovers and identity theft.

Enhancing threat detection for GenAI workloads with cloud attack emulation
Cloud GenAI workloads inherit pre-existing cloud security challenges, and security teams must proactively evolve innovative security countermeasures, including threat detection mechanisms.

What CISOs need to keep CEOs (and themselves) out of jail
CISOs know they have more security controls than they can manage: Tool sprawl and tool paralysis are known failings – line items for new cybersecurity controls are not the problem. If more cash for new or expanded controls is not what’s needed, what can CEOs give to CISOs to reduce risk and ultimately shore up the legal liability faced by the CEOs themselves?

Threat intelligence: A blessing and a curse?
Access to timely and accurate threat intelligence is now core to security operations for many organizations. Today, it seems that security teams are blessed with an abundance of data and intelligence feeds to choose from. However, selecting the right information from a myriad of sources and transforming it into action is, for many, a formidable challenge, and for some probably a curse.

The gap between business confidence and cyber resiliency
In this Help Net Security video, Jim Liddle, Nasuni’s Chief Innovation Officer, discusses the findings of its new 2024 industry research report, The Era of Hybrid Cloud Storage.

Practical strategies to mitigate risk and secure SAP environments
In this Help Net Security video, JP Perez-Etchegoyen, CTO of Onapsis, discusses the growing cyber risk associated with SAP’s legacy software and the urgent need for organizations to modernize their systems.

The cost of cybersecurity burnout: Impact on performance and well-being
This article includes excerpts from recent reports we covered, providing statistics and insights into the levels of stress and burnout experienced by cybersecurity professionals.

Insecure file-sharing practices in healthcare put patient privacy at risk
Healthcare organizations continue to put their business and patients at risk of exposing their most sensitive data, according to Metomic.

Average data breach cost jumps to $4.88 million, collateral damage increased
IBM released its annual Cost of a Data Breach Report revealing the global average cost of a data breach reached $4.88 million in 2024, as breaches grow more disruptive and further expand demands on cyber teams.

Innovative approach promises faster bug fixes
Modern software applications usually consist of numerous files and several million lines of code. Due to the sheer quantity, finding and correcting faults, known as debugging, is difficult. In many software companies, developers still search for faults manually, which takes up a large proportion of their working time.

Airlines are flying blind on third-party risks
The aviation industry has traditionally focused on physical security threats, but recent revelations about risks on Boeing‘s supply chain have spotlighted the critical need to measure and mitigate supply chain risk, according to SecurityScorecard.

Open-source project enables Raspberry Pi Bluetooth Wi-Fi network configuration
Remote.It released its open-source project to enable Raspberry Pi Bluetooth (BLE) Wi-Fi network configuration. The project allows a computer or mobile device to easily transfer a Wi-Fi configuration via Bluetooth, the same way users set up smart devices around the house.

Record-breaking $75 million ransom paid to cybercrime group
Ransomware attacks have reached new heights of ambition and audacity over the past year, marked by a notable surge in extortion attacks, according to a Zscaler.

Organizations fail to log 44% of cyber attacks, major exposure gaps remain
40% of tested environments allowed attack paths that lead to domain admin access, according to Picus Security.

Cybersecurity jobs available right now: July 31, 2024
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

Review: Action1 – Simple and powerful patch management
Action1 is a SaaS-delivered cloud-native platform. This means no infrastructure, hardware, or software resources are needed to deploy and maintain the solution, and most importantly, no VPNs connecting endpoints and the management console – a welcome approach for any overstretched IT team. It also means you can register as a user, onboard, and get started in under five minutes.

eBook: 20 tips for secure cloud migration
More organizations rely on cloud platforms to reap the benefits of scalability, flexibility, availability, and reduced costs. However, cloud environments come with security challenges and vulnerabilities. The Thales 2020 Data Threat Report indicates that 49% of global respondents experienced a breach affecting data in the cloud.

Whitepaper: DevSecOps Blueprint
Learn how your organization can embed security at every layer: the tools and technologies, the processes (like IR and security testing), and the people involved. Help your developers work faster while maintaining security.

Infosec products of the month: July 2024
Here’s a look at the most interesting products from the past month, featuring releases from: AttackIQ, AuditBoard, Black Kite, BlueVoyant, Druva, GitGuardian, Invicti Security, IT-Harvest, LogRhythm, LOKKER, NordVPN, Pentera, Permit.io, Prompt Security, Quantum Xchange, Regula, Rezonate, Scythe, Secure Code Warrior, and Strata Identity.

New infosec products of the week: August 2, 2024
Here’s a look at the most interesting products from the past week, featuring releases from: Adaptive Shield, Fortanix, Clutch Security, Nucleus Security, Wing Security and Synack.



Source link